Parity doesn't know the ETA of $164M issue fix

According to new statement of well known Ethereum Multi-Sig Wallet, "there is no timeline" for proposal that can defroze users' funds
16 November 2017   402

The team of well known Ethereum wallet released new statement, reegarding the frozen funds. It is worth noting that frozen funds are estimated for $164M.

Parity is working on several proposals to improve the Ethereum platform (EIP), which could unlock the funds. But so far no time can be called for when such a proposal for improvement can be implemented.

We deeply regret the situation and we are working hard on several Ethereum improvement proposals(EIPs), both contributing to previously existing ones and suggesting new ones that have the potential to unblock funds. These improvement proposals will also address general cases of blocked funds.
There is no timeline for when such an improvement proposal could be implemented; we will follow the will of the community and go through the regular EIP process like any other protocol improvement. Parity Technologies will handle much of the development work around these proposals and work constructively with the Ethereum Foundation team and the community towards further protocol layer development. We are committed to the continued development of Ethereum.
 

Parity Team

As a result of the activation of the vulnerability on November 6, funds were blocked on 587 wallets for a total of 513774.16 ETH.

Among the victims there were 16 major ICO: Polkadot, ICONOMI, Musiconomi, Moeda, Centrality and others.

Parity replied to Cisco's vulnerability report

According to the representatives of Parity, vulnerabilities are fixed
12 January 2018   113

Parity Technologies said that the vulnerabilities found by the Cisco Systems Inc. have been fixed in new versions of the Ethereum client software.

As stated in the developers' statement, the JSON-RPC interface, which supports the function of cross-domain requests, could really provide attackers with public information about an account to create an application for "undesirable transactions" and provide these transactions for signature to the user.

However, the company emphasizes, a potential leak of information could not contain confidential information, including private keys. All problems associated with the JSON-RPC interface have been fixed in the latest Parity software updates.

In addition, developers have changed the basic settings of the function of cross-domain requests in order to avoid information leakage. Now users must manually add secure domains to the whitelist in order to allow Parity software to interact with them.

Parity wallet is well known in cryptocurrency world. In July, hackers stole millions of dollars thru the vulnerability, which was fixed in few lines or code. In November, 513774.16 ETH got "froze".